Danny_Trinh_197
Mar 01, 2009

Check ports TCP443, TCP5061, UDP3478, TCP-UDP-50000-59999

I'm still at an elementary level with iRules. I have the script below to check ports. This script is for MS Unified communication (UC). Can you go through it to see if I missed something?

The script will do:

- if ports TCP-UDP 50000-59999, go to pool 1
- if ports TCP-443, TCP5601, go to pool2
- if port UDP3478, go to pool 3
- anything else, drop.

when CLIENT_ACCEPTED {
    if { ([TCP::client_port] < 60000 && [TCP::client_port] > 49999) or ([UDP::client_port] < 60000 && [UDP::client_port] > 49999) } then {
        # Go to pool1
        pool pool1
    } elseif { ([TCP::client_port] == 443) or ([TCP::client_port] == 5061) } then {
        # Go to pool2
        pool pool2
    } elseif { [UDP::client_port] == 3478 } then {
        # Go to pool3
        pool pool3
    } else {
        drop
    }
}

4 Replies

  • Hi Danny,

    The logic looks fine. But are you trying to check the source port the client makes the request from (TCP::client_port / UDP::client_port) or the port the client is making the request to (TCP::local_port / UDP::local_port)?

    Aaron
  • I would expect you want to check the port that the client made the request to. So it would be TCP::local_port and UDP::local_port.

    Understanding Protocols, Ports, and Services in Unified Messaging

    Aaron
  • Hi, I want to allow only 4 TCP/UDP ports from the virtual server. Is the iRule below correct for it?

    rule allowing_tcp_udp_traffic_rl {
        when CLIENT_ACCEPTED {
            # Check if requested port is allowing only TCP 443, TCP 80, UDP 4500 and UDP 500
            if { ( [TCP::client_port] != 443 or [TCP::client_port] != 80 or [UDP::client_port] != 500 or [TCP::client_port] != 4500 ) } {
                # Drop request
                drop
            }
        }
    }
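
The port check from the first post, written against the destination port as Aaron suggests. This is an added example, not code from any poster. It assumes a wildcard-port virtual server that accepts both TCP and UDP; pool1, pool2 and pool3 are the pool names from the first post.

```tcl
# Added example, not code from the thread.
# Assumption: the virtual server listens on all ports and all protocols.
when CLIENT_ACCEPTED {
    # Read the destination port with the command that matches the transport.
    # IP::protocol returns the IP protocol number: 6 = TCP, 17 = UDP.
    switch [IP::protocol] {
        6 {
            set proto "tcp"
            set dport [TCP::local_port]
        }
        17 {
            set proto "udp"
            set dport [UDP::local_port]
        }
        default {
            # Neither TCP nor UDP: nothing on the allowlist applies.
            drop
            return
        }
    }

    # Each branch names the transport and port it permits, so a port that
    # is allowed for UDP is not silently allowed for TCP as well.
    if { $dport >= 50000 && $dport <= 59999 } {
        # TCP and UDP 50000-59999
        pool pool1
    } elseif { $proto eq "tcp" && ($dport == 443 || $dport == 5061) } {
        pool pool2
    } elseif { $proto eq "udp" && $dport == 3478 } {
        pool pool3
    } else {
        # Default deny. Written the other way round, as a drop condition,
        # the inequality tests must be joined with "and":
        # "$dport != 443 or $dport != 80" is true for every port.
        drop
    }
}
```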